Kristian Covic

Name of the Vulnerable Software and Affected Versions: Affected versions not specified Description: An unauthenticated remote attacker can alter the device configuration to achieve remote code execution as root with specific configurations. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Autel MaxiCharger AC Wallbox Commercial autocharge (affected versions not specified) **Description** The issue is a stack-based buffer overflow that allows for remote code execution. It was discovered by Tobias Scharnowski, Felix Buchmann, and Kristian Covic. The vulnerability was demonstrated at Pwn2Own. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WOLFBOX Level 2 EV Charger (affected versions not specified) **Description** This issue allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. The flaw exists within the handling of cryptographic keys used in vendor-specific encrypted communications, resulting from the lack of proper initialization of a variable prior to accessing it. An attacker can leverage this to bypass authentication on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.